What's wrong with Comodo Firewall: PLENTY!

#1 - It’s way too complicated to set up, and way too easy to mistakenly do a setup that doesn’t give you the protection you think you have/want.
(Example: Notebook computer w/ wired & wireless connections - some places will plug into wired connection called ‘T-Lan’ for Internet but whole series of condo buildings other customers have LAN addresses - these LAN addresses should be treated same as WAN/Internet. But, when I go somewhere else, I’m on a real LAN.)

#2 - Activity/Connections: Allow me option to log the connections. Allow me ability to do reverse DNS on the IP addresses on the connections.

#3 - Activity/Logs: If I change the dropdown from today to Last 30 days, I still only see today.
Allow me to load the log into Notepad or other program.

#4 - Bad warnings - I often get warning that Outlook is using Firefox, or some other program is using Firefox when it’s really not - I AM USING FIREFOX DIRECTLY* but somehow the firewall is very confused and thinks another program is. These warning messages - effectively crying wolf - may lead to ignoring a real warning someday because every single day I get the false warnings. If I answer NO to disallow the supposed other software from using Firefox, I cannot use Firefox to browse anymore - it totally blocks the foreground browser window. I have to close Firefox and restart.

So far, I’m not very impressed with this firewall…

Sorry you’re not feelin’ the firewall love, cristal ~

I’ll address item #4 - You’re seeing alerts related to Application Behavior Analysis, which is an issue that has confused a lot of users before you. Within the OS, applications communicate and share information at a level unseen by the user, and can continue to have a connection of sorts, even after being closed by the user. There is nothing to be done to change that, nor anything to be concerned about.

The alert comes in because malware is known to try to exploit this type of behavior for its own purposes. Thus, as CFP monitors internet connectivity, it will provide an alert when it sees this type of activity; it does not determine whether it is safe or not, just that it is suspicious. Comodo’s development team has given the rule of thumb that if you recognize both applications, it is safe to Allow; if you do not recognize both applications, then you may have a problem.

Version 3 of the firewall (scheduled to start Beta testing in mid-April) will have a huge “safelist” as part of its security, which will be able to rule out “false-positives” such as you are currently seeing, to greatly reduce the amount of necessary user interaction.

Items #2 & 3 are on the Wishlist already.

If you want help with Item #1, please post a question in the Help section of the Firewall board, and someone will help you with that.


I get alerts like this, that something else is using Internet Explorer etc. Haven’t got the faintest idea what it’s on about.

Hi Cristal,

It’s not just comodo. A lot of firewall gives pop ups like these. And at the beginning users read these and allow/deny accordingly. But after some time, just like any other thing in life , which was interesting at the beginning becomes a pain in the *** he he… that’s life. And we rather foolishly just allow them when ever the pop up comes.

This is where u take the gamble. Most of the time these could be safe applications. But why did we install a FW like this rather than using windows FW. since we needed more security. So pay a little attention. Cuz prevention is better than cure.

V 3.0 s safe list is good. but I don’t see how they are gonna do it. Someone pls shed some light on how it’s gonna actually work!


What we need regarding issue #4 is advanced application behavior control - rules to allow or disallow some applications to call other applications. Kerio Peronsal Firewall had this feature - and it was among the major reasons I used KPF - but only very rudimentarily, meaning you can either allow or disallow an application to call other applications, but you cannot specify a list of such pairs of applications.

I’d like to have something similar to networking connections rules, best even with wildcards in file paths, for example:

  1. Allow C:\Program Files* execute C:\Program Files\Firefox\Firefox.exe
  2. Allow and log C:\Program Files\Firefox\Firefox.exe execute C:**Office**
  3. Disallow * execute *\IExplore.exe

Exactly. I would rather have a software that is more “complicated” than otherwise. Anything difficult can eventually be solved through learning. Conversely, the Windows Firewall is easy because you don’t have to really do anything, but you’ll be stuck with a half-baked firewall (no outbound protection). With CFP it provides more options, more control, and it’s constantly in development and open to improvements.

I really didn’t want to, but it seems you asked for the technical explanation:

Essentially, CFP 3 HIPS will only alert under 2 conditions:
a) It detects a malware or b) It detects an obscure file not in the safelist yet

Although CFP is doing it’s job, I can see alot of new users being put off the firewall because of these prompts. Maybe this option should be disabled by default (it can always be enabled later). I have a feeling it is enabled so that it can pass all leak tests.


It’s always hard to find the right balance: security vs convenience. How do we based it on the majority’s preference? New users who are put off will most likely be the ones who don’t like to configure the firewall’s advanced features, so they won’t realize its benefits. For example, if I was new how would I know which options are recommended or not for better security after I become comfortable with CFP, given the fact that I don’t even know what they are or do?

I guess one suggestion would be to develop a new installation procedure in which the initial stages will offer various levels of difficulty that adjust the features/options.

That is true :). I guess you could look at it this way. If a new user wasn’t comfortable with a certain feature, they could always disable it.


My question is: For whom was Comodo Firewall created?? Is seems to me that it’s only for people who are very knowledgeable about Computers and programs. For instance, what the heck is OEM?? And “UDP?” and “IDP?” and “loopbacks?” and all the other abbreviations?? What do THEY stand for?? And how many people even know there is a “registry?” and registry “keys”? Much less “regedit?”
I’m sure that somewhere there is a glossary that explains all the abbreviations, but what the heck good does THAT do, when many people won’t even understand the explanations?
When I look for solutions to problems I’ve enountered with Comodo Firewall, and read these posts, it is as if I’m reading things which only experts are familiar with. I mean, how many people can even figure out how to confugure Comodo Firewall in the first place? Terms like “svchost” problems—how many people, including myself even know what the heck “svchost” is?? And the “components” feature in the firewall—what the heck is THAT all about?? And if a person is not sure what application to add in the “Rules” and allow, to fix a problem—what does such a person do?? Applications names do not automatically tell you that that is the application you want to add in the Applications Rules. So I repeat—for whom was Comodo firewall created?? To me it seems that it was created ONLY for the very few. For only those who know computer operating systems and programs and understand all the terminology. Now, wasn’t Comodo firewall created so EVERYONE EVERYWHERE can use it?? And use it easily?? It sure doesn’t look that way.


Here’s how I see the situation:

CFP is a firewall for everyone; for those who want a “set and forget” FW, and those who want the utmost in security, and want to tinker all the time (and everything in between).

The problem comes in that there is a lack of detailed, understandable configuration/setup instruction at/prior to install. Add to that, people thinking that it’s just like all their other FWs; they’re not used to the FW involving them, and when it does, they want to “fix” it. Usually “breaks” it. :frowning:

For the average user, they should run the install on Automatic. Then run the Known Application Wizard. Set the Alert Frequency to Very Low. Be on about their business. When a new/unknown application runs, they will get one alert. That’s it. Anything else happens, they can know it’s a problem. CFP does not give a popup when it blocks inbound traffic, so there’s no involvement there. But prior to reading thru the forums, the user will not know that.

Rest assured, all this has been brought up before, and I am confident Comodo is working to address it. However, improving the firewall’s security implementation will no doubt take priority.


Lots of reading! And I am an amateur! However, will you please explain this report in the network monitor please. “Block and log IP in or out from IP (any) to IP (any) where Ipproto is any”
Also, which is the automatic setting - the default custom one? Thanks,
Peter. :■■■■


That rule (which by default is the bottom rule (I think ID 5), which makes it the 6th rule, is the “catch-all” or “safety net.” This rule is there to stop any traffic, whether Inbound or Outbound, which has not been allowed by the preceding rule (no matter how many rules you may have added).

CFP’s network rules filter from the top down, and for each instance of traffic, works down thru the list until that specific traffic is either allowed or denied. Check out this page: https://forums.comodo.com/index.php/topic,6167.0.html. Look for the tutorial about the layered rules. That has a more detailed explanation of this filtering process, which is at the core of CFP’s security.

As far as Automatic… I’m referring to the (I think it’s the first choice) choice given when installing CFP. It will ask if the user wants to install Automatic (which is default) or Advanced (I think advanced is how they call it; at any rate, it requires the user to manually configure the firewall during installation). I believe that no matter which route you choose to take during install, CFP will show the security level as “custom.” Since the only other options are Allow All or Block All… Could be kind of confusing…


I hate it when someone joins only to say what’s wrong with a product (“Posts: 2”), makes a whole big deal about hating it, then never comes back to see if that problem can be fixed. >:(

And I agree with Little Mac on the last part - “Custom” should be changed to “Default”. I will admit that I too was slightly befuddled when I saw that. I’m used to working with very advanced programs, and “Custom” is always above “Default”, not the same thing, where “Default” is the manufacturer’s default settings and “Custom” was your own. I kept trying to figure out how to change it “back” because I hadn’t even TOUCHED anything yet and I didn’t want to break what all my research had said was the best firewall in the world. I accidentally broke the firewall in trying to “UN-break” it. Then I got all worried that it was off and I tried to turn it back on. Then when I did, I tried to change it back again and preceded to do the exact same thing. xD

In plain English (■■■■ alien posters), it’s confusing and can lead people to try to creect things when they don’t need to be corrected. :wink: :smiley:

You will just have to learn something new , wont you ?
How do you expect to set up a secure system if you don’t have a clue
about how networking computers works ?
Don’t blame Comodo for your lack of knowledge, use it as an opportunity to learn
something new . This forum is filled with high-quality info on networking, protocols, rules etc etc
and has many knowledgeable members who will help out anyone who shows an interest in learning

Oh, oh, now it’s ON. (:LGH)

Ouch! Maybe you’re just reacting to his/her negativity?
Mama sez it takes all kinds of people to make the world go 'round.

Some people just want to turn the key and go, ya know?
Nothing wrong with that – it’s those same people who tote their PC in monthly, and pay us to scrub the downloaded porn from their computer (afore the ol’ lady finds out) instead of learning to empty the browser cache for themselves.